[MAVEN:GHSA-WFW6-MMMP-87XM] Improper Input Validation in Apache Batik
- Severity: Moderate
- Affected Packages: 1
- Fixed Packages: 1
- CVEs: 1

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Package | Affected Version |
---|---|
pkg:maven/org.apache.xmlgraphics/batik | >= 1.0, < 1.8 |

Package | Fixed Version |
---|---|
pkg:maven/org.apache.xmlgraphics/batik | = 1.8 |

- ID: MAVEN:GHSA-WFW6-MMMP-87XM
- Severity: moderate
- URL: https://github.com/advisories/GHSA-wfw6-mmmp-87xm
- Published: 2022-05-17T00:28:34 (2 years ago)
- Modified: 2023-01-27T05:02:35 (20 months ago)
- Rights: Maven Security Team